Related Resource

Please Fill Out Form

to Request Document

To stay updated about the latest Futurex news, products, services, and events via occasional e-mails from us, select YES below. You can unsubscribe at any time.

Yes, please keep me updated via e-mail.

Please Fill Out Form

to Request Document

Required Fields*

Email *

To stay updated about the latest Futurex news, products, services, and events via occasional e-mails from us, select YES below. You can unsubscribe at any time.

Yes, please keep me updated via e-mail.

Microsoft Active Directory Certificate Services (AD CS), through a server that acts like a certificate authority (CA), provides management of certificates that are essential to Public Key Infrastructure (PKI). By utilizing a network connected Futurex HSM, organizations are able to securely expedite the storage, encryption, and signing of certificates.

Greater Security for Certificate Authorities

While Microsoft AD CS provides many benefits for your PKI environment as a stand-alone service, hardware security modules (HSMs) fortify the security of your CA keys in a way that software is unable to. Organizations with existing PKIs, by using a HSM to create new keys, tremendously strengthen the integrity and confidentiality of their data.

Of the services provided by Microsoft AD CS, the most frequent is the use of the server to act as a CA. CAs can:

Issue and distribute certificates, which confirm the identity of the owner of a given private key

Clarify certificates’ acceptable use policies

Revoke certificates through the publishing of certificate revocation lists (CRLs)

Log certificate requests, issuance, and revocations

Why Incorporate Futurex HSMs?

Poorly managed PKI can expose organizations to numerous vulnerabilities. The cryptographic signing keys of a CA, used as the basis for CRLs, are essential to maintaining a PKI, and as such they are often the target of sophisticated attacks. Without the protection of an HSM, many talented hackers and fraudsters have the capability to manipulate CAs. With compromised CAs, the validity of the certificates issued by them becomes questionable. The Data Protection API (DPAPI) offered by Microsoft provides password protection. However, anyone with access to that password can manipulate and alter the CA.

If organizations utilize Futurex technology to protect CAs, they are backed by cryptographic processors that are compliant with highly rigorous security standards, including FIPS 140-2 Level 3. Futurex HSMs are equipped with physical and logical security measures to ensure security breaches are prevented.